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Remarks 

Claims 1-41 are currently pending in the subject application and are presently 
under consideration. Claims 1, 12, 16, 26, and 41 have been amended as shown on pp. 2- 
9 of the Reply. 

Applicants' representative thanks Examiner Baum for the courtesies extended 
during the telephonic interview conducted on August 7, 2007. The Examiner was 
contacted to discuss the rejections under 35 U.S.C. § 102 and interpretation of the cited 
prior art references with respect to limitations of independent claims 1, 12, 16, 17, 26, 30, 
31,39, and 41 . No agreement was reached. 

Favorable reconsideration of the subject patent application is respectfully 
requested in view of the comments and amendments herein. 

I. Rejection of Claims 1-41 Under 35 U.S.C. $102(b) 

Claims 1-41 stand rejected under 35 U.S.C. § 102(b) as being anticipated by 
Swilcr et al., U.S. Patent 7,013,395 Bl . It is requested that this rejection be withdrawn 
for at least the following reasons. Swiler et al. does not disclose each and every element 
of the claimed subject matter. 

A single prior art reference anticipates a patent claim only 
if it expressly or inherently describes each and every 
limitation set forth in the patent claim. Trintec Industries, 
Inc. V. Top-U.S.A. Corp., 295 F.3d 1292, 63 USPQ2d 1597 
(Fed. Cir. 2002); See Verdegaal Bros. v. Union Oil Co. of 
California. 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. 
Cir. 1987). The identical invention must be shown in as 
complete detail as is contained in the ... claim. 
Richardson v. Suzuki Motor Co., 868 F.2d 1226, 9 USPQ2d 
1913, 1920 (Fed. Cir. 1989) (emphasis added). 

The claimed subject matter relates to a tool that provides an automated process, 
component, and that generates a set (or subset) of security guidelines, security data, and/or 
security components. An input to the tool can be in the form of an abstract description or 
model of a factory, wherein the factory description includes one or more assets to be 
protected, and associated pathways to access the assets. Security data generated by the 
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tool includes a set of recommended security components, related interconnection topology, 
connection configurations, application procedures, security policies, rules, user 
procedures, and/or user practices. (See Specification, paragraph 9). Toward this end, 
claim 1 (and similarly claims 12, 16, and 41) recites a security analysis tool for an 
automation system, comprising: an interface component to generate a description of 
factory assets, wherein the description includes at least one of shop floor access 
patterns, Intranet access patterns, Internet access patterns, and wireless access 
patterns. Swiler et al. fails to disclose such claimed aspects. 

Swiler et al. describe modeling network risks based on an attack graph. Each 
node in the graph represents a possible attack state. A node contains information about 
the physical machine(s) the attacker has accessed, the user privilege level the attacker has 
gained, and effects of the attack so far, such as placement of Trojan horses or 
modification of access control. Edges represent a change of state caused by a single 
action taken by the attacker (including normal user transitions if they have gained access 
to a normal user's account) or actions taken by an unwitting assistant (such as the 
execution of a Trojan horse). The attack graph is automatically generated given three 
t3^es of input: attack templates, a configuration file, and an attacker profile. Attack 
templates represent a generic attack step including necessary and acquired security 
attributes {e.g., attacker capabilities and/or system vulnerabilities). {See col. 4, lines 32- 
47). 

However, Swiler et al. is silent with respect to the aforementioned claimed 
features of applicants' invention. In particular, Swiler et al. does not provide for a 
description that includes access patterns as in applicant's claimed invention. 

In view of at least the foregoing, it is readily apparent that Swiler et al. does not 
teach or suggest the subject inventions as recited in independent claims 1, 12, 16, and 41 
(and associated dependent claims). This rejection should be withdrawn. 

Claim 17 (and similarly claim 26) recites a security validation system, 
comprising: a scanner component to automatically interrogate an automation system at 
periodic intervals for security related data. Swiler et al. fails to disclose such claimed 
aspects. Swiler et al. merely discloses automatically generating an attack graph. Swiler 
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et al. is silent with respect to the claimed functionality of automatically interrogating an 
automation system at periodic intervals. 

In view of at least the foregoing, it is readily apparent that Swiler et al. does not 
teach or suggest the subject inventions as recited in independent claims 17 and 26 (and 
associated dependent claims). This rejection should be withdrawn. 

Claim 30 recites an automated security validation system, comprising: means for 
scanning one or more networks or automation devices for potential security violations; 
means for initiating a security procedure in response to the security violations; and 
means for performing at least one of security assessments, security compliance checks; 
and security vulnerability scanning to mitigate the security violations. Swiler et al. fails 
to disclose such claimed aspects. Swiler et al. merely discloses automatically generating 
an attack graph. Swiler et al. is silent with respect to the claimed functionality of 
mitigating a security violation. 

In view of at least the foregoing, it is readily apparent that Swiler et al. does not 
teach or suggest the subject inventions as recited in independent claim 30. This rejection 
should be withdrawn. 

Claim 3 1 recites a security learning system for an automation environment, 
comprising.- a learning component to monitor and learn automation activities during a 
training period; and a detection component to automatically trigger a security event 
based upon detected deviations of subsequent automation activities after the training 
period. Swiler et al. fails to disclose such claimed aspects. Swiler et al. merely discloses 
automatically generating an attack graph. Swiler et al. is silent with respect to the 
claimed functionality of monitoring and learning automation activities during a training 
period. 

In view of at least the foregoing, it is readily apparent that Swiler et al. does not 
teach or suggest the subject inventions as recited in independent claim 31 (and associated 
dependent claims). This rejection should be withdrawn. 

Claim 39 recites a security learning method, comprising: monitoring a network 
for a predetermined time; automatically learning at least one data pattern during the 
predetermined time; and generating an alarm if a current data pattern is determined to 
be outside of a predetermined threshold associated with the at least one data pattern. 
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Swiler et al. fails to disclose such claimed aspects. Swiler et al. merely discloses 
automatically generating an attack graph. Swiler et al. is silent with respect to the 
claimed functionality of monitoring a network for a predetermined time and 
automatically learning at least one data pattern during the predetermined time. 

In view of at least the foregoing, it is readily apparent that Swiler et al. does not 
teach or suggest the subject inventions as recited in independent claim 39 (and associated 
dependent claim 40). This rejection should be withdrawn. 
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Conclusion 

The present application is believed to be in condition for allowance in view of the 
above comments and amendments. A prompt action to such end is earnestly solicited. 

In the event any fees are due in connection with this document, the Commissioner 
is authorized to charge those fees to Deposit Account No. 50-1063. 

Should the Examiner believe a telephone interview would be helpful to expedite 
favorable prosecution, the Examiner is invited to contact applicants' undersigned 
representative at the telephone number below. 



Respectfully submitted, 
Amin, Ttjrocy & Calvin, llp 



/Himanshu S. Amin/ 
Himanshu S. Amin 
Reg. No. 40,894 

Amin, Turocy & Calvin, llp 
24™ Floor, National City Center 
1900 E. 9™ Street 
Cleveland, Ohio 44114 
Telephone (216) 696-8730 
Facsimile (216) 696-8731 
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